Blog

How should we approach the development of cyber-policy and -infrastructure given the “short arm” of predictive knowledge?

Because of the rapid evolution of the field, it is impossible to predict the future landscape and even more difficult to know possible vulnerabilities that cyber criminals will take advantage of. So for the development of cyber policy and infrastructure it is important to discuss how we can evolve and adapt to the changing landscape as fast or faster than these criminals. I believe that to start to prepare for the future it is most important to have a complete understanding of the current field and past events, many programs that look to take advantage of current processes are built off of current viruses and modified to adapt to new security applications. To have a predictive trajectory of how these viruses may evolve means that we need to know how we are currently defeating them and in what ways our current security processes are inefficient at dealing with threats. It is also of great importance to understand emerging technologies as to understand what vulnerabilities may prevent themselves down the road, and realizing that the progression of these technologies is most likely always going to be quicker than predicted should give us more reason to act as these technologies are still in development. More aggressive tactics for diversity and interdisciplinary studies should also be a factor when creating programs such as artificial intelligence and machine learning algorithms as to prevent problems with discrimination and ethical concerns from arising after implementation as even when developers have the best of intentions, there are often blind spots due to experience. It is also of great concern that policy is currently behind in many areas when concerning many facets of technology, creating policies that cover the current landscape is not enough and need to be expanded to try and cover far into the future even at the cost of development speeds.

How does cyber technology impact interactions between offenders and victims?

Cyber technology has had a large impact on how cyber criminals are able to interact with victims especially in cases such as cyber bullying and cyber harassment. Technology has allowed offenders to have access to victims in the current day that completely unseen in previous generations. Offenders today are able to stay completely anonymous by multiple means such as burner accounts that they can delete when reported and create a new one to continue their behavior and virtual private networks that make it increasingly difficult for law enforcement to track down the offender especially so when they are commonly switching servers and creating new accounts. Technology such as home security systems that make use of cameras can also be accessed to invade an victims privacy withing closed doors through hacking methods if the victim had the knowledge on how to secure such systems at all. Offenders that are more malicious can also use simple means like email phishing schemes to try and fool more naive individuals into giving up information that can give offenders access to personal information or temporarily them control to your operating systems. Tracking devices are also widely available in the current day and can be used to unknowingly follow a victim. Stalkers are also able to use things like social media to track individuals that may post about their private life such as their job and locations they are visiting or frequenting, allowing them to spy on the victim completely without their knowledge through completely legal means. On the contrary though, the victims of these cyber crimes are able to take advantage of some of the same applications to protect themselves from offenders. Virtual private networks can make it harder to track down a victims physical location through finding their IP address. Users can also take advantage of built in privacy applications in social media sites such as privatized accounts to limit who can view your posts. Lastly, staying up to date on possible cyber vulnerabilities and schemes will severely limit offenders options and taking advantage of applications such as two factor authentication to further secure accounts can provide much reassurance to users.

What is the overlap between criminal justice and cybercrime? How does this overlap relate to the other disciplines discussed in this class?

There is much overlap between criminal justice and cyber crime, as cyber crimes grow to be one of the most common offenses taking place both personally and against companies, proper collaboration between these fields are important. A large portion of major cyber crime events that happen in the current day are data breaches of big companies where clientele personal data gets leaked, this can lead to things like identity theft and lost trust within the company. It is often a subject of debate on how responsible a company is at securing the data that has been breached and to understand the level of negligence a company has committed, prosecutes must be informed on proper practices that may have been neglected when sentencing punishments. There is also much collaboration between cyber crime experts and criminal justice experts in tracking behaviors of cyber criminals, who is most vulnerable to what attacks, and how these criminals get tracked down so they can be prosecuted. The overlap between criminal justice and cyber crime is similar on the prosecution aspect is similar to how cyber crime and computer science relate to each other on the defense aspect. Research into cyber crime is important when developing new hardware and software as it is their responsibility to at least come up with ways to protect systems against commonly known threats. Often day zero vulnerabilities arise through back doors in software programs that allow attackers to navigate around security applications, knowing processes that these viruses and attackers use to gain access to systems are imperative to be aware of when building programs. Cyber crime also relates to leadership largely in the implementation of security frameworks. As most vulnerabilities are caused by human error, it is the leaderships responsibility to work with security professionals on construction of safe and unsafe practices and teach employees so that they are aware of how they can also prevent cyber events.

How do engineers make cyber networks safer?

Engineers hold a great deal of power over network safety, processes and practices they put in place can be make the difference in protecting our data in the event of an attack. Engineers hold a great deal of responsibility over company networks, they must protect both company data and company equipment that may be susceptible to attacks. Engineers can often help protect company data through the creation and implementation of hardware that such as physical firewalls and separate servers for company data files to try and ward off attacks and make sure that in the event of a breach an attacker will not immediately gain access to all company data. Engineers are also often of making sure programs and servers are up to date with any major software updates or patches and should be testing programs for successful operation. They are also responsible with keeping track of any known possible vulnerabilities with any of the equipment in their workplace and best practices to defend against any attackers that would try to exploit them. Furthermore, operating within the bounds of company budget engineers will also make sure that all employees understand proper use of hardware and software and develop security protocols to eliminate vulnerabilities and minimize damages within an attack. Proper upkeep of all physical devices within the companies operations that connect to the company network also falls within the bounds of an engineers responsibilities to different extents, making sure that there is not faulty hardware and running diagnostics to make sure it is operating as expected will help with ensuring the safety of continued use of all equipment within the company. It is key for collaboration with management to make sure all employees are well informed of all security practices put in place by the engineer so that all guidelines are followed and reports can be made of any detection of security breeches so that response to threats can proceed quickly and damages can be mitigated.

Describe three ways that computers have made the world safer and less safe.

Computers have become an essential tool in many people lives both in business and personal use, but a tool can be used both to make processes safer or more dangerous depending on the will of the person using it. One way computers have made the world more safe is the ability to encrypt information to a greater deal, with the use of computers it takes more effort those looking to steal information to do so as it can be encrypted through multiple different means and multiple levels, added to the fact that there is not a way to physically intercept the information during the process of transfer makes the process much safer. Another way that the world has become safer due to computers is having individualized accounts that need IDs and passwords, especially in the case of those that have multi-factor authentications in place to gain access, it is much more difficult to gain access to private information and it is much easier to manage who has access to what. The last way computers have made the world more safe is their over all computing power, the ability to test and compute multiple variable simultaneously saves much time as opposed to individual calculations, allowing us to create much more accurate sensors, programs, and systems in much less time. With all the advantages computers offer us there are also many disadvantages that uncle themselves often in the same ways that they were used to protect us. One way computers have made the world more dangerous is how criminals can operate more anonymously through encrypted messages and currencies, virtual private networks, and even just anonymous burner accounts. Computers have also made the world more dangerous because of the amounts of private data being tracked and stored, especially in the event of a leak this can lead to things like identity theft and is often the subject of ethical debates on the right to privacy. Lastly computers have made the world more dangerous in the ways that we overlook things in implementation such as AI. Often during the creation of programs it can be easy to overlook certain factors and these can lead to discrimination even with best intentions, so it is important that all factors are accounted for possible and there are many different backgrounds able to check for oversight on programs.

How can you tell if your computer is safe?

In general there is no way to tell if a computer is completely safe as there is always a chance of certain zero-day vulnerability in each system, but there are still numerous practices and checks we can do to limit the chances of these viruses existing within our systems. One check is through regular performance testing, if your computer consistently keeps similar levels of performance with regular maintenance and accounting for aging components, it is possible to limit the chance of background programs running as they would tax the system when running such tests. Another way to limit the possibility of their existence is through regular backups and resets, by backing up servers regularly we can make sure that we can erase all data in a current system and resume operations as normal with as much data as possible, while eliminating any threats within the system. Through the proper usage of safety hardware and software we can prevent as many viruses from getting in such as installing firewalls and making sure security programs are up to date. Proper management is also essential to ensure computers are safe, being informed on current phishing schemes and making sure to have keys, passwords, identifiers, and encryption will lower chances of vulnerability cause by human errors. Anti virus soft-wares will also help combat any invaders, at the very least it will often notify users of potential viruses on the system then the user can perform diagnostics tests to see if they should reset and upload a backup. Overall the most effective way of making sure your computer is safe is to practice good online habits, staying away from potentially dangerous sites, reporting possible schemes, and making sure to only download software that is ensured to be safe. Combined with safety programs and best practices, while we cannot guarantee safety, we can cover our bases to our utmost ability.

What are the costs and benefits of developing cybersecurity programs in business?

Developing security programs for business can be costly but extremely beneficial. Cybersecurity analysts work hard to build security protocols for each business within their given budget. Most of the cost associated with developing cybersecurity programs for businesses is financial. The amount of time and effort it takes to develop and the size of the organization the program is for can make costs increase exponentially. Another associated cost is resources, it can be in the form of hardware like servers for management and backups and in the form of personnel to maintain and upkeep them. Although costs can stack up quickly with program development, the benefits can often outweigh them. Creating security programs can lead to contingencies like offshore backup servers to help operations continue even in the event of a natural disaster; also, in the event of a break, these contingencies allow for a reset point so operations can more easily recover. Programs also provide tangible evidence that assets are protected, assuring stakeholders. Security programs also build a sense of trust with clientele as they can have faith that their data is secure, this allows for more business opportunities as organizations with well implemented security programs will have an easier time persuading possible partners as they know proper steps have been to eliminate as much risk as possible. Programs that are implemented from the top down allow for everyone at the organization to have more confidence in their daily duties as they would be able to more easily identify possible threats such as phishing schemes. A program that practices staying up to date on the latest security procedures and attacks also reduces the risk that attacks will go unnoticed either by an unknown backdoor entry or a new way of breaking through current security software and hardware. While security programs can be costly to create and upkeep, the costs associated with most attacks will far outweigh the money put into defense. 

How has cyber technology created opportunities for workplace deviance?

Cyber technology has created opportunities for workplace deviance in both avenues of lacking regulation or implementation and forms of white-collar cyber-crime. In the space of controllable variables there are ways that a company can try to lower the chance of cyber breaches, but it comes down to how well the program is implemented for the employees and if they follow it. A significant number of incidents are cause in large part by human error, it can start at the very foundation of a program such as mistakenly programming in a vulnerability; many can be sparked by mistakes or laziness such as simple passwords or not updating security software timely enough. A problem arises with the fact that many cyber-attacks can go unchecked for long periods of time if there is not proper management in place, particularly by former employees. If accounts are not properly handled with incoming and exiting employees, it is possible for former employees to have access to sensitive company data that can be sold to competitors. Another example would be if the case of incoming employees, if there are not proper vetting processes, a company can let in an attacker who has now been given an opportunity to physically get around many security applications and have more direct access to company data. Additionally, with cyber technology came the increased ability to operate anonymously. Now employees have increased opportunities to trade insider secrets with competitors and it is much easier to be a whistleblower on malpractice without putting your career at risk. By using applications like encrypted messaging, it is much harder to track down anyone who may be acting against the companies interests and if a company does not have proper account management, then they will have a much harder time who had access to the information in the first place. 

Use the letters of the word CYBERSECURITY to list legal ways to make money in cybersecurity.

Create security frameworks

Youtube data mining security

Build security software

Extract malware

Re-institute operations after an attack

Set up security programs

Enrollment security for students

Create security apps

Uber customer data security

Reading software to check for vulnerabilities

Increase security protocols adherence

Teach cybersecurity

Yahoo security analyst

 Compare cybersecurity risks in the U.S. and another country

Cyber-crime is a worldwide issue with attacks coming from both within and outside borders; most countries are starting to recognize the growing danger of cyber-attacks and the need for security specialists to combat assailants and each country, while they may have very similar needs for cyber security, may be combating attackers on very different fields. I will be comparing the differences between the United States cyber security landscape and that of a counter part in the United Kingdom. In the United States Phishing attacks are the most common, “in 2022 representing 41% of total reported crimes” and those ages 60 and up being a rather vulnerable demographic, “reporting 37% of all financial losses in 2022” (How Many Cyber-Attacks Occur in the US?, n.d.). In the United Kingdom phishing attacks were also the most common threat making up “83% of most identified attacks by UK businesses” (Gov.uk, 2022). In the United States, online fake investment scams alone make up a around a third of all losses, totaling $3.3 billion lost in 2022 (How Many Cyber-Attacks Occur in the US?, n.d.) while in the United Kingdom the average cost of all cyber-attacks was £4,200 and when accounting for only medium and large businesses, they lost an average of £19,400 per cyber-attack, with “31% of businesses and 26% of charities estimating they were attacked at least once a week” in 2022” (Gov.uk, 2022). With the growing danger of attacks on both individuals and businesses it is becoming increasingly important to help protect against combatants. Phishing attacks have been shown in both countries to be an extremely common way to launch a cyber-attack; as they grow more complex, the amount of damage they can cause also increases, from stealing an individual’s identity to holding an entire businesses’ operations for ransom. As cyber-attacks can easily cross borders it is also becoming increasingly important for countries to not only strengthen their safety protocols within their own bounds, but to also work together to create a safer network between each other. 

References

Gov.uk. (2022, March 30). Cyber Security Breaches Survey 2022. GOV.UK. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 

How many cyber-attacks occur in the US? (n.d.). USAFacts. https://usafacts.org/articles/how-many-cyber-attacks-occur-in-the-us/